The growth of enterprises results in heterogeneous environments with complex business demands. Some of the biggest identity and access management (IAM) challenges faced by these organizations include inconsistent password policies, excessive identities and directories, diverse and time-consuming auditing processes and an increasing need to stay on top of compliance regulations. Moreover, maintaining an enterprise LAN border is no longer viable as enterprises shift to cloud platforms and adopt SaaS and mobile apps that cross typical security domain boundaries.
Your productivity levels will go down if users can’t access the apps they need, the risk of breach will increase when employees access apps outside your enterprise, and you will face high maintenance costs for legacy systems. To avoid this, you need to implement a modern identity and access management solution that provides seamless user experiences, secures access for employees and partners, easily integrates legacy systems as well as cloud and mobile apps, and manages employee data securely and efficiently.
Malithi and Pulasthi explore how to address these IAM challenges and adopt strategies that lead to efficient, secure and compliant IAM. They discuss:
● The IAM challenges of complex heterogeneous enterprises
● Common IAM use cases
● Common patterns for IAM solutions
Enterprise Identity and Access Management Use Cases
1. Enterprise Identity and Access Management Use Cases
Malithi Edirisinghe, Associate Technical Lead
Pulasthi Mahawithana, Senior Software Engineer
August 8, 2017
2. TODAY’S IT CHALLENGES
More Compliant Business
● Increasing regulatory demands
● Increasing privacy concerns
● Business viability concerns
More Agile Business
● More accessibility for employees, partners and customers
● High level of B2B integrations
● Faster reaction to changing requirements
More Secured Business
● Identity theft
● Intellectual property theft
● Constant global threats
3. TODAY’S SECURITY IS NO LONGER SECURE
● Two-thirds of organizations averaged five or more breaches in the past two years
Forrester Consulting Thought Leadership Paper, February 2017
● Nearly six billion data records were lost or stolen in the past few years
● An average of over 165,000 records compromised every hour
http://www.breachlevelindex.com/
● Global cybercrime-related damage costs are expected to exceed $6 trillion annually by 2021
www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics-for-2017.htm
4. IAM FOR DIGITAL BUSINESS
How do you rate the need for having a mature IAM to succeed in Digital Transformation?
Kuppinger Cole Ltd., Berlin, 29.06.2017
5. FORRESTER IAM MATURITY MODEL
● Nonexistence (level-0): No identity management system in place, and the need is not recognized.
● Ad hoc (level-1): Occasional, not consistent, not planned, disorganized.
● Repeatable (level-2): Intuitive, not documented, occurs only when necessary.
● Defined (level-3): Documented, predictable, occurs only when necessary.
● Measured (level-4): Well-managed, formal, often automated, evaluated frequently.
● Optimized (level-5): Continuous and effective, integrated, proactive, usually automated.
6. ENTERPRISE IAM USE CASES
● Identity Lifecycle Management
● Seamless access to applications and resources
● Regulatory Compliance
○ Identity Assurance
○ Auditing, Reporting and Monitoring
● Fraud Detection, Prevention and User Behavior Analytics
8. IDENTITY LIFECYCLE MANAGEMENT
Phases
● User On-boarding/Account Activation
● Account Maintenance and Support
● User Off-boarding/Account Termination
These processes will differ for
● Employees
● Partners
● Contractors
9. USER ONBOARDING / ACTIVATION
● Usually involves
○ Workflow approval
○ Provisioning accounts
○ Verifications
■ Mail
■ Phone
○ Activation
10. ACCOUNT MAINTENANCE
Over time, employees will require
● Privilege changes due to
○ Promotions
○ Change of roles
● Profile updates
11. USER OFFBOARDING/TERMINATION
● Deprovision the federated accounts
● Delete/Disable the account
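The onboarding, maintenance and offboarding phases on slides 9 to 11 are the steps of one account lifecycle. The state machine below, an added example rather than code from the deck or its authors, enforces that order: activation only after approval, provisioning and both verifications; privilege changes only on active accounts; and on offboarding, federated accounts deprovisioned before the local account is disabled. State names, the transition table and the sample federated accounts are assumptions.

```python
from dataclasses import dataclass, field

# Allowed lifecycle transitions, derived from the slide bullets (state names are assumed).
TRANSITIONS = {
    "requested": {"approved"},      # workflow approval
    "approved": {"provisioned"},    # provisioning accounts
    "provisioned": {"verified"},    # mail and phone verification completed
    "verified": {"active"},         # activation
    "active": {"disabled"},         # offboarding
    "disabled": {"deleted"},
}

@dataclass
class Account:
    user: str
    state: str = "requested"
    roles: set = field(default_factory=set)
    verified_channels: set = field(default_factory=set)
    federated_accounts: set = field(default_factory=set)

    def advance(self, new_state: str) -> None:
        """Move to new_state only if the lifecycle allows it from the current state."""
        if new_state not in TRANSITIONS.get(self.state, set()):
            raise ValueError(f"{self.user}: illegal transition {self.state} -> {new_state}")
        self.state = new_state

def verify(acct: Account, channel: str) -> None:
    """Record a completed mail or phone verification; both are required before activation."""
    if acct.state != "provisioned":
        raise ValueError("verification applies only to provisioned accounts")
    acct.verified_channels.add(channel)
    if {"mail", "phone"} <= acct.verified_channels:
        acct.advance("verified")

def change_roles(acct: Account, add=(), remove=()) -> set:
    """Privilege change on promotion or role change; only an active account may be modified."""
    if acct.state != "active":
        raise ValueError("privilege changes require an active account")
    acct.roles = (acct.roles - set(remove)) | set(add)
    return acct.roles

def offboard(acct: Account) -> list:
    """Offboarding order from the slide: deprovision federated accounts first, then disable."""
    actions = [f"deprovision:{fed}" for fed in sorted(acct.federated_accounts)]
    acct.federated_accounts.clear()
    acct.roles.clear()          # no privileges survive termination
    acct.advance("disabled")
    return actions
```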
22. AUTHENTICATION LEVELS
Level | Meaning | Authentication
AL1 | Little or no confidence | PIN and Password
AL2 | Some confidence | Single factor Authentication
AL3 | High Confidence | Multi-factor Authentication via ‘soft’, ‘hard’, ‘OTP’ tokens
AL4 | Very High Confidence | Multi-factor cryptographic authentication with hard tokens
23. PASSWORD RECOMMENDATIONS
● No universally accepted alternative to passwords
● Password recommendations:
○ Min, Max length
■ PINs - min: 6 digits
■ Passwords - min: 8 characters, max: 64 characters
○ Specific character content
○ Password validation
■ against history
■ against a dictionary of bad choices
○ Avoid brute force and dictionary attacks
● Recovery and Password Reset
○ Security questions/hints
○ Email Notifications
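The recommendations on this slide, turned into a policy checker as an added example (not code from the deck): the length limits are the slide's own; the two-character-class rule, the sample bad-choice dictionary, the salted PBKDF2 history format and the five-failure lockout threshold are assumptions.

```python
import hashlib
import hmac
import secrets

BAD_CHOICES = {"password", "123456", "qwerty", "letmein", "welcome1"}  # constructed sample dictionary
PIN_MIN, PW_MIN, PW_MAX = 6, 8, 64   # limits from the slide
MAX_FAILED = 5                       # assumed lockout threshold

def hash_secret(secret: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2 digest; password history stores (salt, digest), never plaintext."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def in_history(candidate: str, history) -> bool:
    """True if candidate matches any (salt, digest) pair in the user's history."""
    return any(hmac.compare_digest(hash_secret(candidate, s)[1], d) for s, d in history)

def check_pin(pin: str) -> list:
    problems = []
    if not pin.isdigit():
        problems.append("PIN must contain digits only")
    if len(pin) < PIN_MIN:
        problems.append(f"PIN shorter than {PIN_MIN} digits")
    return problems

def check_password(pw: str, history=()) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < PW_MIN:
        problems.append(f"shorter than {PW_MIN} characters")
    if len(pw) > PW_MAX:
        problems.append(f"longer than {PW_MAX} characters")
    classes = sum(any(p(c) for c in pw) for p in (str.islower, str.isupper, str.isdigit))
    if classes < 2:
        problems.append("needs at least two character classes")  # assumed content rule
    if pw.lower() in BAD_CHOICES:
        problems.append("appears in bad-choice dictionary")
    if in_history(pw, history):
        problems.append("reused from history")
    return problems

class AttemptLimiter:
    """Per-account failed-attempt counter; locks after MAX_FAILED to blunt brute force."""
    def __init__(self):
        self.failed = {}
    def record(self, user: str, success: bool) -> bool:
        """Record an attempt and return True if the account is now locked."""
        self.failed[user] = 0 if success else self.failed.get(user, 0) + 1
        return self.failed[user] >= MAX_FAILED
```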
24. AUDITING AND MONITORING
● You might not know who will access your system
● A full audit of user activities is important
○ Especially for user management and admin operations
○ Who, What, From Where, When, How
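An audit record that captures the who, what, from-where, when and how the slide lists, with a review query over it, as an added example (not code from the deck). The JSON-lines format, the field names, the list of admin operations, the admin network prefix and the sample events are assumptions.

```python
import json
from datetime import datetime, timezone

# User-management / admin operations that the slide singles out for full auditing (assumed list).
ADMIN_OPS = {"create_user", "delete_user", "disable_user", "change_roles", "reset_password"}

def audit_event(who, what, target, from_where, how, when=None, outcome="success") -> str:
    """Serialise one audit record as a JSON line covering who / what / from where / when / how."""
    rec = {
        "when": (when or datetime.now(timezone.utc)).isoformat(),  # always UTC
        "who": who,                # authenticated actor
        "what": what,              # operation performed
        "target": target,          # account acted upon
        "from_where": from_where,  # client address
        "how": how,                # channel: admin console, SCIM, CLI, self-service, ...
        "outcome": outcome,
    }
    return json.dumps(rec, sort_keys=True)

def admin_ops(lines, actor=None) -> list:
    """Return the admin / user-management records, optionally restricted to one actor."""
    recs = [json.loads(line) for line in lines]
    return [r for r in recs if r["what"] in ADMIN_OPS and (actor is None or r["who"] == actor)]

def admin_ops_from_outside(lines, admin_net_prefix="10.0.") -> list:
    """Admin operations whose source address is outside the assumed admin network prefix."""
    return [r for r in admin_ops(lines) if not r["from_where"].startswith(admin_net_prefix)]

# Constructed sample audit trail used to exercise the functions above.
SAMPLE = [
    audit_event("admin.jane", "change_roles", "bob", "10.0.1.5", "admin-console",
                datetime(2017, 8, 8, 9, 0, tzinfo=timezone.utc)),
    audit_event("bob", "profile_update", "bob", "10.0.4.12", "self-service",
                datetime(2017, 8, 8, 9, 5, tzinfo=timezone.utc)),
    audit_event("admin.jane", "disable_user", "carol", "203.0.113.7", "scim",
                datetime(2017, 8, 8, 22, 15, tzinfo=timezone.utc)),
]
```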
28. ENTERPRISE IAM PLANNING
1. Assess your current IAM strategy
● Have a clear inventory of your current identity and authentication infrastructure and policies
2. Evaluate the right IAM approach
● Security, Productivity and Compliance concerns
● Cloud vs Corporate deployments
● Open standards vs Proprietary interfaces
3. Define a strategy to execute the IAM plan
● Assemble key stakeholders
● Define deployment plan
● Implement IAM solution
● Gain end user acceptance
29. ENTERPRISE IAM TRENDS
● By 2019, more than 80 percent of organizations will use access management software or services, up from 55 percent today.
● By 2021, IDaaS will be the majority access management delivery model for new purchases, up from less than 20% today.
Gartner Magic Quadrant for Access Management, June 2017